EPIC Alert 20.12

=======================================================================
E P I C A l e r t
=======================================================================
Volume 20.12 June 27, 2013
-----------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/epic_alert_20.12.html
"Defend Privacy. Support EPIC."
http://epic.org/donate
========================================================================
Table of Contents
========================================================================
[1] EPIC, Bamford, Diffie, Schneier Call for Suspension of NSA Domestic
Surveillance Program
[2] Supreme Court Upholds Privacy of Driver Records
[3] EPIC Obtains Docs Detailing FBI Collection of DMV Photos
[4] EPIC to FCC: Investigate Disclosure of Consumer Phone Records
[5] NSA Targeting and Minimization Procedures Released
[6] News in Brief
[7] EPIC in the News
[8] EPIC Book Review: 'Big Data'
[9] Upcoming Conferences and Events
TAKE ACTION: Sign EPIC's Petition Against NSA Domestic Surveillance!
- SIGN the Petition: https://epic.org/NSApetition/
- LEARN More: https://epic.org/privacy/terrorism/fisa/
- SUPPORT EPIC: http://www.epic.org/donate/
========================================================================
[1] EPIC, Bamford, Diffie, Schneier Call for Suspension of NSA Domestic
Surveillance Program
========================================================================
EPIC, joined by leading privacy and technology experts including James
Bamford, Whitfield Diffie, and Bruce Schneier, has petitioned the
National Security Agency to suspend domestic surveillance programs
pending public comment. According to recently released classified
documents, the NSA is engaging in programs that monitor US phone calls
and other forms of electronic communication, implicating the First and
Fourth Amendment rights of millions of American citizens.
EPIC's petition states: "NSA's collection of domestic communications
contravenes the First and Fourth Amendments to the United States
Constitution, and violates several federal privacy laws, including the
Privacy Act of 1974, and the Foreign Intelligence Surveillance Act of
1978 as amended." EPIC filed the petition as a request for formal
rulemaking under the Administrative Procedure Act, which states that
agency actions that substantially affect the rights of US citizens
must go through a systematic public notice and comment process before
being enacted.
The EPIC petition to the NSA further states that the NSA's domestic
surveillance "substantively affects the public to a degree sufficient
to implicate the policy interests" that require public comment, and
that "NSA's collection of domestic communications absent the opportunity
for public comment is unlawful." The NSA surveillance programs,
operating under the Foreign Intelligence Surveillance Act and heavily
classified, do not receive any public oversight. The NSA provides
classified briefings to only a handful of members of Congress, and
the agency's surveillance activities are reviewed by a secret court
known as the FISC.
Bamford is a former NSA employee and author of numerous books and
articles on the inner workings of the US intelligence community.
Diffie, a mathematician and technologist, pioneered public key
cryptography in the 1970s and 1980s. Schneier is the Chief
Technology Officer of BT Counterpane and a leading author on computer
security. All are members of the EPIC Advisory Board.
EPIC intends to renew the request each week until the NSA responds, as
required by all federal agencies under the statute. The petition is
available at http://epic.org/NSApetition.
EPIC: Rulemaking Petition to the NSA
http://epic.org/NSApetition
FISC: Order Permitting NSA Phone Surveillance (Apr. 23, 2013)
http://epic.org/privacy/nsa/Section-215-Order-to-Verizon.pdf
EPIC: NSA - Verizon Phone Record Monitoring
http://epic.org/privacy/nsa/verizon/default.html
EPIC: The Administrative Procedure Act (APA)
http://epic.org/open_gov/Administrative-Procedure-Act.html
========================================================================
[2] Supreme Court Upholds Privacy of Driver Records
========================================================================
The US Supreme Court has ruled that the exceptions in a privacy
statute that protects drivers' records should be read narrowly and that
attorneys cannot use DMV records to solicit clients. In Maracich v.
Spears, the Court ruled that solicitation is not a permissible use of
state motor vehicle records under the Driver's Privacy Protection Act
(DPPA). The DPPA says that personal information in DMV records cannot
be obtained and used by individuals except for certain enumerated
purposes.
Justice Anthony Kennedy, writing for the majority, said, "To permit
this highly personal information to be used in solicitation is so
substantial an intrusion on privacy it must not be assumed, without
language more clear and explicit, that Congress intended to exempt
attorneys from DPPA liability in this regard." Justice Kennedy further
said:
"Petitioners and other state residents have no real choice but to
disclose their personal information to the state DMV, including
highly restricted personal information. The use of that information
by private actors to send direct commercial solicitations without
the license holder's consent is a substantial intrusion on the
individual privacy the Act protects."
As Justice Kennedy explained, "Congress chose to protect individual
privacy by requiring a state DMV to obtain the license holder's
express consent before permitting the disclosure, acquisition, and
use of personal information for bulk solicitation," adding, "Direct
marketing and solicitation present a particular concern not only
because these activities are of the ordinary commercial sort but also
because contacting an individual is an affront to privacy even beyond
the fact that a large number of persons have access to the personal
information."
Writing in dissent, Justice Ruth Bader Ginsburg expressed concern that
theCourt's opinion would make it more difficult for attorneys to
contact clients.
Congress passed the DPPA in 1994 in order to prevent stalking and
solicitation using the personal information contained within motor
vehicle records. The statute contains a blanket prohibition on the use
of personal information contained within DMV records, unless the user
can meet one of the enumerated exceptions, a common formula for privacy
protection statutes. The Court ruled that Congress' formulation of
these statutes deserves deference. Justice Kennedy said that when
Congress wishes to create an exception to a privacy protection, it
uses "explicit terms." Consequently, said Kennedy, exceptions should be
interpreted "narrowly in order to preserve the primary operation of the
provision.", rather than to the outer limits of the text.
State DMV records contain a huge amount of sensitive personal
information, including Social Security Numbers, biometric identifiers,
and medical information. EPIC filed a "friend of the court" brief
discussing the wide range of personal information contained in DMV
records and the risks of identity theft. Following the enactment of
the Department of Homeland Security's REAL ID rules, state DMVs will
be required to collect and retain substantially more detailed personal
information.
In 1999, EPIC submitted a "friend of the court" brief defending the
DPPA in the case Reno v. Condon. The Supreme Court, in a unanimous
opinion by Chief Justice Rehnquist, upheld the constitutionality of
the law.
US Supreme Court: Decision in Maracich v. Spears (Jun. 17, 2013)
http://www.supremecourt.gov/opinions/12pdf/12-25_4314.pdf
EPIC: "Friend of the Court" Brief in Maracich v. Spears (Nov. 16, 2012)
http://epic.org/redirect/112112-epic-marchich-amicus.html
EPIC: Driver's Privacy Protection Act
http://epic.org/privacy/drivers/
EPIC: Maracich v. Spears
http://epic.org/amicus/dppa/maracich/
EPIC: Reno v. Condon
http://www.epic.org/privacy/drivers/epic_dppa_brief.pdf‎
========================================================================
[3] EPIC Obtains Docs Detailing FBI Collection of DMV Photos
========================================================================
EPIC has obtained, via a Freedom of Information Act request, a number
of agreements between the FBI and state DMVs. The agreements allow the
FBI to use facial recognition to compare subjects of FBI investigations
with the millions of license and identification photos retained by
participating state DMVs.
According to the documents obtained by EPIC, this facial recognition
program is run by the FBI's Facial Analysis, Comparison, and Evaluation
Services (FACES) Unit. According to a Standard Operating Procedure for
FACES, the "service will be expanded to include a larger customer base
as the operation evolves." Currently, the FACES team provides a photo
to state DMVs, which then return up to 25 results per DMV for
evaluation. FACES also has access to photos from other federal
databases, including the Departments of State and Defense.
A Privacy Threshold Analysis obtained by EPIC indicates that a Privacy
Impact Assessment is required of FACES, but to date EPIC has not
received any documentation to indicate that a Privacy Impact Assessment
had been performed.
In addition to facial recognition programs, the FBI is developing a
biometric database program called "Next Generation Identification;"
photographs used for facial recognition will be part of this database.
EPIC is suing the FBI to learn more about the development of Next
Generation Identification, which will include iris scans, DNA profiles,
voice identification profiles, and palm prints.
EPIC: FOIA Request to FBI re: FACES (Mar. 29, 2013)
http://epic.org/foia/fbi/faces/EPIC-FOIA-Request-FBI-DMV-MOUs.pdf
EPIC: FBI Agreements with State DMVs (Mar. 2013)
http://epic.org/foia/fbi/faces/FBI-MOUs-FACES-Unit.pdf
EPIC: FBI FACES Unit Standard Operating Procedure (Apr. 9, 2013)
http://epic.org/foia/fbi/faces/FBI-SOP-FACES-Unit.pdf
EPIC: FBI FACES Privacy Threshold Analysis (Apr. 1, 2011)
http://epic.org/foia/fbi/faces/FBI-PTA-FACES-Unit.pdf
EPIC: EPIC v. FBI - Next Generation Identification
http://epic.org/foia/fbi/ngi/
EPIC: Facial Recognition
http://epic.org/privacy/facerecognition/
========================================================================
[4] EPIC to FCC: Investigate Disclosure of Consumer Phone Records
========================================================================
In a letter to Federal Communications Commission Chair Mignon Clyburn,
EPIC has urged the agency to determine whether Verizon violated the
Communications Act when it released consumer call detail information to
the National Security Agency (NSA). In early June, UK newspaper The
Guardian reported that, in response to a Foreign Intelligence
Surveillance Court order, Verizon had released identifying call
metadata to the NSA, including telephone numbers, time of call, and
call duration. The Guardian also published a copy of the classified
order.
EPIC's letter argues that, by "surrendering protected information of
its consumers in response to a facially invalid order, Verizon has
violated the legal protections surrounding consumer proprietary
network information ('CPNI')," which includes the time, date,
duration, destination number, and location of telephone calls, and any
other information that appears on the subscriber's telephone bill.
According to the letter, a key provision of the Telecommunications Act
"places strict limits on telecommunications carriers' ability to
disclose CPNI. Disclosure is only permitted as required by law, with
the customer's consent, or pursuant to four narrowly drawn exceptions
related to the facilitation of telecommunications or emergency
services."
"Verizon's disclosure of CPNI to the NSA was not authorized under the
Telecommunications Act because it did not fall under any of the Act's
permissible disclosures. Verizon customers did not authorize these
disclosures," EPIC's letter maintains. The letter also refers the FCC
to EPIC's June 7 letter to Congress, detailing the illegality of the
FISC order that presumably formed the basis for Verizon's disclosures
of CPNI.
"The role of carriers like Verizon is particularly important because
the structure of the Foreign Intelligence Surveillance Act does not
allow for meaningful public oversight or accountability," EPIC
argues. Thus, "millions of consumers had no way of knowing that their
personal information had been illegally provided to the NSA by Verizon"
- yet at the same time, "these consumers are completely dependent on
Verizon for the protection of their personal phone records."
Congress explicitly charged the Commission with investigating
unauthorized disclosures of consumer call detail information. Over 20
years ago, the FCC ruled that CPNI "belongs to the customers," not
carriers, and restricted carriers' use of CPNI. Since then, the
Commission has exercised authority numerous times to protect the
privacy of consumers' phone records. EPIC's letter therefore urged the
FCC to "investigate Verizon's violations of the Telecommunications Act,
and its consumers' privacy, by surrendering protected information in
response to a plainly unlawful order."
EPIC: Letter to FCC re: NSA Surveillance (Jun. 11, 2013)
http://epic.org/privacy/terrorism/fisa/EPIC-FCC-re-Verizon.pdf
FISA: Verizon Order (Apr. 23, 2013)
http://epic.org/privacy/nsa/Section-215-Order-to-Verizon.pdf
EPIC: Foreign Intelligence Surveillance Act
http://epic.org/privacy/terrorism/fisa/
EPIC: Clapper v. Amnesty Int'l
http://epic.org/amicus/fisa/clapper/
EPIC: USA PATRIOT Act
http://epic.org/privacy/terrorism/usapatriot/
========================================================================
[5] NSA Targeting and Minimization Procedures Released
========================================================================
Top Secret documents recently published by the UK's Guardian newspaper
reveal the National Security Agency's procedures for targeting non-US
citizens under the Foreign Intelligence Surveillance Act, as well as
the minimization procedures for information collected about US
citizens. The documents indicate that "[a] person whose location is not
known will be presumed to be a non-United States person." The
minimization procedures also contain a number of exceptions that allow
for the NSA to collect domestic communications.
According to the documents, the NSA may collect any communications
based on the fact that the communications are encrypted, and retain the
encrypted information for as long as needed to exploit it. The
documents also indicate the NSA maintains databases of the telephone
numbers, email accounts, and other identifiers of US citizens.
In response to the recent revelations about NSA domestic surveillance,
Senator Patrick Leahy (D-VT), joined by several other US senators, has
introduced a bill amending certain provisions of the USA PATRIOT Act
and the FISA Amendments Act. The bill would increase the NSA's
threshold for obtaining domestic metadata, require court-approved
minimization procedures, and move up expiration dates on surveillance
authorities to June 2015.
EPIC recently petitioned the NSA to suspend domestic surveillance
pending public comment. In May 2012, EPIC testified before Congress on
the FISA Amendments Act of 2008 and made recommendations on improving
public accountability and oversight for FISA. EPIC urged Congress
not to reauthorize the FISA Amendments Act until adequate oversight
procedures were in place. "Where the government is given new
authorities to conduct electronic surveillance, there should be new
means of oversight and accountability," EPIC stated.
NSA: Minimization Procedures in Foreign Intelligence (Jul. 28, 2009)
http://epic.org/redirect/062613-nsa-minimization.html
NSA: Procedures for Targeting Non-US Persons (July 28, 2009)
http://epic.org/redirect/062613-nsa-targeting.html
Sen. Patrick Leahy (D-VT): Text of FISA Bill (Jun. 2013)
http://www.leahy.senate.gov/download/sch13282
EPIC: NSA Petition (Jun. 17, 2013)
http://epic.org/NSApetition/
EPIC: Testimony on the FISA Amendments Act of 2008 (May 31, 2012)
http://epic.org/redirect/073012-epic-fisa-testimony.html
EPIC: Foreign Intelligence Surveillance Act (FISA)
http://epic.org/privacy/terrorism/fisa/
========================================================================
[6] News in Brief
========================================================================
EU Commissioner Asks Attorney General to Explain US Spying
European Justice Commissioner Viviane Reding has demanded that US
Attorney General Eric Holder explain the scope of US data collection on
EU citizens. "Direct access of US law enforcement to the data of EU
citizens on servers of US companies should be excluded unless in
clearly defined, exceptional and judicially reviewable situations," the
Commissioner wrote. The Commissioner's request is similar to that made
by other European officials, including German Justice Minister Sabine
Leutheusser-Schnarrenberger, who also stated that "all facts must be
put on the table." Recent reports indicate that US lobbied the European
Commission to weaken a comprehensive data protection law now pending in
the European Parliament. Earlier in 2013, EPIC joined a coalition of
leading US consumer and civil liberties organizations expressing concern
about the role of US officials in the development of European privacy
law. The coalition's letter stated that "without exception," members of
the European Parliament reported that the US government was "mounting
an unprecedented lobbying campaign to limit the protections that
European law would provide."
EU Justice Commissioner: Letter to USAG re: NSA (Jun. 13, 2013)
http://www.statewatch.org/news/2013/jun/eu-usa-reding-ag.letter.pdf
German Justice Ministry: Statement on NSA (Jun. 12, 2013)
http://epic.org/redirect/062613-german-nsa-statement.html
EU: Draft of Data Protection Law (Jan. 25, 2013)
http://epic.org/redirect/062613-eu-data-law-draft.html
EPIC et al.: Letter to US Officials re: EU Privacy Law (Feb. 4, 2013)
http://epic.org/privacy/intl/NGOs-to-US-Gov-re-EU-US-Privacy.pdf
EPIC: EU Data Protection Regulation
http://epic.org/privacy/intl/eu_data_protection_directive.html
EPIC, Coalition Demand Congress Investigate NSA Surveillance
EPIC and a coalition of over 100 civil liberties organizations and
Internet companies have sent a letter to the US Congress, demanding a
full-scale investigation into the National Security Agency's domestic
surveillance activities. The coalition's letter emphasized the need
for public transparency and an end to dragnet surveillance: "This type
of blanket data collection by the government strikes at bedrock
American values of freedom and privacy," the letter states. EPIC is
also spearheading a petition to the NSA that requires the agency to
suspend programs that collect information on all US persons. EPIC
intends to renew the request to the agency every week until the NSA
responds.
Civil Liberties/Internet Coalition: Letter to Congress (Jun. 2013)
http://epic.org/privacy/nsa/Coal-NSA-Spy-Ltr.pdf
EPIC: Petition to NSA to Stop Data Collection on US Persons
http://epic.org/NSApetition
EPIC: NSA: Verizon Phone Record Monitoring
http://epic.org/privacy/nsa/verizon/default.html
EPIC: USA PATRIOT Act
http://epic.org/privacy/terrorism/usapatriot/
EPIC: Domestic Surveillance
http://epic.org/features/surveillance.html
EPIC Opposes DHS Biometric Collection
EPIC has submitted comments to the Department of Homeland Security,
staunchly opposing the agency's border biometric collection,
facilitated through the Office of Biometric Identity Management
program. Since at least 2004, DHS has collected fingerprints and facial
photos from individuals entering the US, which are then disseminated to
DHS agency components, other federal agencies, "federal, state, and
local law enforcement agencies," and the "federal intelligence
community." Currently, at least 30,000 individuals from federal, state,
and local governments can access the DHS biometric data, which DHS also
shares with foreign governments, including Canada, Australia, and the
United Kingdom. EPIC's comments urge the agency to cease collecting
biometric information without proper privacy safeguards in place.
Should the agency continue to collect this sensitive information, EPIC
recommends that DHS: (1) impose strict information security safeguards
on biometric information collection and limit dissemination of
biometric information; (2) conduct a comprehensive privacy impact
assessment on the biometric collection program; (3) grant individuals
Privacy Act rights before collecting additional biometric information;
and (4) adhere to international privacy standards.
EPIC: Comments to DHS re: US Border Biometric Collection (Jun. 14, 2013)
http://epic.org/privacy/biometrics/EPIC-OBIM-Cmts.pdf
DHS: RFC on US Border Biometric Collection (Apr. 15, 2013)
http://www.gpo.gov/fdsys/pkg/FR-2013-04-15/pdf/2013-08718.pdf
DHS: Government Agencies Using US-VISIT
http://www.dhs.gov/government-agencies-using-us-visit
EPIC: US-VISIT
http://epic.org/privacy/us-visit/
EPIC: Biometrics
http://epic.org/privacy/biometrics/
EPIC Recommends Privacy Protections for Natural Disaster Survivors
In comments to the National Institutes of Health, an agency component
of the US Department of Health and Human Services, EPIC urged the
agency to safeguard personally identifiable information following
natural disasters. The agency proposes to use the "People Locator"
system and related mobile app ReUnite to reunite "family and friends
who are separated during a disaster." The People Locator system allows
third parties to enter highly sensitive information about each missing
or located individual, which in turn is accessed by the public,
including an individual's name, location, date of birth, race,
religion, health status, address, and photographs. EPIC recommended
that the agency: (1) limit data collection to relevant information;
(2) protect the system's security by implementing data access control
and establishing data quality standards; (3) define a record retention
and disposal schedule; (4) establish guidelines, which adhere to the
Fair Information Practices, for disclosures to third parties.
EPIC: Comments to NIH re: Disaster People Locator (Jun. 14, 2013)
http://epic.org/redirect/062613-epic-nih-comments.html
NIH: Request for Comments on People Locator System (Apr. 15, 2013)
http://www.gpo.gov/fdsys/pkg/FR-2013-04-15/pdf/2013-08788.pdf
NIH: Lost Person Finder
https://lpf.nlm.nih.gov/
EPIC: Locational Privacy
http://epic.org/privacy/location_privacy/
Senator Paul Seeks Answers about FBI's Domestic Drone Use
Senator Rand Paul (R-KY) has sent a letter to FBI Director Robert
Mueller seeking answers about the FBI's domestic use of drones. In a
recent US Senate Judiciary Committee hearing on FBI oversight,
Director Mueller admitted that the FBI uses drones for domestic
surveillance. Mueller also stated there were no guidelines in place
to regulate the FBI's use of drones or protect the privacy of
Americans. In 2012, EPIC petitioned the Federal Aviation
Administration to conduct a public rulemaking addressing domestic
drones' threat to privacy and civil. Earlier in 2013, EPIC
petitioned the Bureau of Customs and Border Protection to establish
privacy regulations for CBP's drone use, and testified before the US
Congress on domestic drones and privacy.
Sen. Rand Paul (R-KY): Letter re: Domestic Drone Use (Jun. 20, 2013)
http://www.paul.senate.gov/files/documents/MuellerDrones.pdf
US Senate Judiciary Comm.: Hearing on Domestic Drones (Jun. 19, 2013)
http://epic.org/redirect/062613-senate-drones.html
EPIC et al.: Petition to FAA re: Drone Privacy (Feb. 24, 2012)
http://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf
EPIC: Petition to CPB re: Domestic Drone Privacy (Mar. 2013)
http://epic.org/drones_petition/
EPIC: Testimony Before US Congress on Domestic Drones (Mar. 13, 2013)
http://epic.org/redirect/032913-epic-drone-testimony.html
EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones
http://epic.org/privacy/drones/
Privacy Officials Seek Answers on Google Glass
More than 30 international privacy officials, including the Privacy
Commissioner of Canada and the Chairman of the EU's Article 29 Working
Party, have written to Google demanding information on Google Glass.
"[W]e would strongly urge Google to engage in a real dialogue with data
protection authorities about Glass," the letter states. The coalition
also lists eight specific questions for Google to answer, including how
Glass complies with privacy laws and how Google intends to use the
information collected by Glass. Recently, members of the US
Congressional Bi-Partisan Privacy Caucus wrote to Google with similar
questions about Glass; following the letter, Google announced that it
would not approve any facial recognition apps for Glass.
Canadian Privacy Commissioner: Letter to Google (Jun. 18, 2013)
http://www.priv.gc.ca/media/nr-c/2013/nr-c_130618_e.asp
US Congress: Bi-Partisan Privacy Caucus Letter to Google (May 16, 2013)
http://joebarton.house.gov/images/GoogleGlassLtr_051613.pdf
Google: Press Release on Glass and Facial Recognition (May 31, 2013)
https://plus.google.com/u/0/+projectglass/posts/fAe5vo4ZEcE
EPIC: Google Glass and Privacy
http://epic.org/privacy/google/glass/default.html
European Privacy Authorities Give Google 3 Months to Comply with Law
European data protection authorities have ordered Google to comply with
EU data protection law or face fines. The French Data Protection
Authority (CNIL), which led the investigation into Google's
consolidation of user data, stated that "Google has not implemented any
significant compliance measures", and gave the company three months to
comply with CNIL requirements. The decision follows an investigation
triggered by the collapse of the Google privacy policy in March 2012,
which allowed the company to combine user data across 60 Internet
services to create detailed profiles on Internet users. In response,
EPIC sued the Federal Trade Commission to enforce the terms of a
settlement with Google that would have prohibited changes in Google's
business practices. Google's consolidation also prompted objections
from state attorneys general, members of Congress, and IT managers in
the government and private sectors.
CNIL: Press Release on Google Order (Jun. 20, 2013)
http://epic.org/redirect/062613-cnil-google-press-release.html
NAAG: Letter to Google re: Privacy Policy Changes (Feb. 22, 2012)
http://epic.org/redirect/022912-naag-google-letter.html
US Congress: Bi-Partisan Privacy Caucus Letter to FTC (Feb. 17, 2012)
http://epic.org/redirect/030113-priv-caucus-letter-google.html
SafeGov: Blog Post on Google Privacy Changes (Jan. 25, 2012)
http://epic.org/redirect/022912-safegov-google-post.html
EPIC: In re: Google Buzz
http://epic.org/privacy/ftc/googlebuzz/
EPIC: EPIC v. FTC (Enforcement of the Google Consent Order)
http://epic.org/privacy/ftc/google/consent-order.html
EPIC's Rotenberg: "Time to Restore Oversight of Domestic Surveillance"
Writing in The Washington Post, EPIC President Marc Rotenberg said
that there is a clear problem that needs to be addressed following the
news report of the NSA's domestic surveillance program: "the Foreign
Intelligence Surveillance Court (FISC) is an inadequate check on the
government's demands for personal information." Rotenberg pointed
to the routine approval of all surveillance orders presented to the
surveillance court. He also wrote that the court has exceeded its
statutory purpose. "No longer tethered to the mission of enabling the
monitoring of foreign agents or the collection of foreign intelligence,
the FISC's enormous surveillance authorities are now directed to the
daily activities of Americans." EPIC's President concluded, "It may be
the case that the government needs access to vast amounts of telephone
records and the user data held by Internet firms. But that argument can
no longer be made to a court where there is no meaningful review and
too little public accountability."
Marc Rotenberg in The Washington Post: "It Is Time to Return to
Oversight of Surveillance Authority" (Jun. 12, 2013)
http://www.washingtonpost.com/opinions/it-is-time-to-return-to-
oversight-of-surveillance-authority/2013/06/12/522fe660-d217-
11e2-9577-df9f1c3348f5_story.html
========================================================================
[7] EPIC in the News
========================================================================
"Tech companies fret over loss of consumers' trust after NSA
revelations." The Hill, June 24, 2013.
http://thehill.com/blogs/hillicon-valley/technology/307183-tech-
companies-fret-over-loss-of-consumers-trust#ixzz2XLrdhSJV
"Obama Meets with privacy watchdog panel . . . in private." The
Washington Times, June 23, 2013.
http://www.washingtontimes.com/news/2013/jun/23/obama-meets-privacy-
watchdog-panel-private/?utm_source=RSS_Feed
"EPIC publishes comments on DHS biometric border management." Biometric
Update, June 21, 2013.
http://www.biometricupdate.com/201306/epic-publishes-comments-on-
dhs-biometric-border-management/
Opinion: "BOVARD: Transportation security doesn't include the freedom
to molest." The Washington Times, June 20, 2013.
http://www.washingtontimes.com/news/2013/jun/20/transportation-
security-doesnt-include-the-freedom/
"FBI director confirms limited drone use in U.S." Constitution Daily,
June 19, 2013.
http://blog.constitutioncenter.org/2013/06/fbi-director-confirms-
limited-drone-use-in-u-s/
"Tech companies jockey to seem the most transparent." CNN, June 18,
2013.
http://www.cnn.com/2013/06/18/tech/web/tech-companies-data-
transparent
"Yahoo releases number of data requests, calls for transparency."
The Christian Science Monitor, June 18, 2013.
http://www.csmonitor.com/Innovation/2013/0618/Yahoo-releases-
number-of-data-requests-calls-for-transparency
"FBI Driver's License Photo Searches Raise Privacy Questions."
Information Week Security, June 18, 2013.
http://www.informationweek.com/security/privacy/fbi-drivers-
license-photo-searches-raise/240156871
"More Data on Privacy, but Picture Is No Clearer." The New York Times,
June 17, 2013.
http://www.nytimes.com/2013/06/18/technology/more-data-on-privacy-
but-picture-is-no-clearer.html?_r=0
"Body scanner ruling could squelch NSA domestic spying." CNet, June
17, 2013.
http://news.cnet.com/8301-13578_3-57589640-38/body-scanner-ruling-
could-squelch-nsa-domestic-spying/
Marc Rotenberg Op-Ed.: "It Is Time to Return to Oversight of
Surveillance Authority." The Washington Post, June 12, 2013.
http://www.washingtonpost.com/opinions/it-is-time-to-return-to-
oversight-of-surveillance-authority/2013/06/12/522fe660-d217-
11e2-9577-df9f1c3348f5_story.html
For More EPIC in the News: http://epic.org/news/epic_in_news.html
========================================================================
[8] EPIC Book Review: 'Big Data'
========================================================================
"Big Data: A Revolution That Will Transform How We Live, Work, and
Think," Viktor Mayer-Schonberger and Kenneth Cukier
http://epic.org/redirect/062613-big-data-cukier-mayer.html
Two provocative thinkers - The Economist Magazine's Kenneth Cukier and
Oxford University professor Viktor Mayer-Schonberger - have joined
forces to write this intriguing and forward looking-book about big
data, punctuated with examples from both past and present to illustrate
what our increasingly "datafied" future holds for us. According to the
authors, data is now the "oil of the information economy" and at the
core of big data is making predictions. This book demonstrates both the
current importance of big data and how data's predictive ability has
the potential for great societal benefits as well as harm.
"Big Data" begins with an overview of current issues, providing the
reader with insight into the concepts and themes covered in the
following chapters. Mayer-Schonberger and Cukier stress the
"datafication" of our world, big data's inherent messiness, the
unexpected correlations it exposes, and its (often latent) value. The
authors then use this framework to lay the groundwork for understanding
big data's potential benefits.
This book makes clear that central to big data's transformative power
is its wealth of hidden correlations; predicting the future via data
analysis can irrevocably change society. Big data correlations, are,
for example, what allowed Google to predict the spread of flu better
than the CDC, a company called Farecast to predict the best time to buy
an airline ticket, and Amazon to predict what books you might read.
Using real-world examples allows "Big Data" to jump nimbly from one
concept to the next.
The authors, however, warn about the effects of a "big data world."
They suggest that big data threatens to do three harms to our society:
further compromise our privacy, undermine our individuality, and create
blind adherence to big data decisions. To counter these potential
pitfalls, Mayer-Schonberger and Cukier offer a number of big-data
controls, including the need for big-data users to exercise greater
responsibility and accountability. The authors also suggest safeguards
for human agency, lest we begin condemning people for their calculated
propensities rather their actions. Finally, Mayer-Schonberger and
Cukier propose a new profession: "Data algorithmnists," whose job will
be to pierce the black box of data analysis to ensure its integrity and
right the wrongs for individuals at the wrong end of a bad data-based
decision.
"Big Data" has a nice, swift flow that makes it an enjoyable read, but
big data's enormous potential for both good and ill makes the reader
feel a little short-changed by the book's lack of depth. It's clear,
though, that the big data movement is progressing, and we as a society
will need to decide whether we want our every move "datafied" or
scrutinized by algorithms to predict our every proclivity.
--Jeramie D. Scott
================================
EPIC Publications:
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark
S. Zaid (EPIC 2010). Price: $75.
http://epic.org/bookstore/foia2010/
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access laws.
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the 25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
================================
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.
================================
"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
================================
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.
================================
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.
================================
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
================================
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
================================
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
http://mailman.epic.org/mailman/listinfo/foia_notes
=======================================================================
[9] Upcoming Conferences and Events
=======================================================================
The Public Voice Conference, Warsaw, Poland, September 2013. For More
Information: http://thepublicvoice.org.
=======================================================================
Join EPIC on Facebook and Twitter
=======================================================================
Join the Electronic Privacy Information Center on Facebook and Twitter:
http://facebook.com/epicprivacy
http://epic.org/facebook
http://twitter.com/epicprivacy
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts. Stay up to
date with EPIC's events. Support EPIC.
=======================================================================
Privacy Policy
=======================================================================
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
=======================================================================
Donate to EPIC
=======================================================================
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite
200, Washington, DC 20009. Or you can contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government and private-sector
infringement on constitutional values.
Thank you for your support.
=======================================================================
Subscription Information
=======================================================================
Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news
Back issues are available at: http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 20.12------------------------